Password Blacklist
Keycloak provides an easy method to add a password blacklist to your realm. This is useful for preventing users from choosing common or compromised passwords. If you don't have a password blacklist, you can use the one provided by Have I Been Pwned.
For subscribers of a dedicated cluster, contact support to enable uploading your list.
Enabling the password blacklist is done in the Keycloak Admin Console:
- Log in to the Keycloak Admin Console via the Phase Two Dashboard.
- Visit the realm you want to configure. Open the console link for the specific realm.
- Navigate to the Authentication section in the left sidebar.
- Click on the Policies tab and in the dropdown select Password Blacklist.
- Provide the name of the file. Click "Save" to designate the file.
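Before designating a file in the steps above, the list itself has to be in the format Keycloak's blacklist policy reads: plain UTF-8 text, one password per line, Unix line endings, and all entries lowercase because the policy lowercases the candidate password before matching. The script below is an added example, not part of the original page or Phase Two's tooling; the function names, the sample entries and the output file name are assumptions made for illustration.

```python
"""Added example: normalise a candidate list for Keycloak's password blacklist policy."""
from pathlib import Path
import tempfile


def normalize_blacklist(lines):
    """Return sorted, de-duplicated, lowercase entries (one password each)."""
    entries = set()
    for raw in lines:
        # Strip only line terminators (handles CRLF); spaces can be part of a password.
        entry = raw.rstrip("\r\n").lower()
        if entry:
            entries.add(entry)
    return sorted(entries)


def write_blacklist(entries, path):
    """Write UTF-8 text with Unix line endings, one password per line."""
    with open(path, "w", encoding="utf-8", newline="\n") as fh:
        for entry in entries:
            fh.write(entry + "\n")


def is_blacklisted(password, entries):
    """Mirror the policy's case-insensitive match: the candidate is lowercased first."""
    return password.lower() in set(entries)


# Constructed sample input: mixed case, a duplicate, CRLF endings, a blank line.
SAMPLE = ["Password1\r\n", "password1\n", "\n", "Qwerty123\r\n", "letmein\n"]

if __name__ == "__main__":
    cleaned = normalize_blacklist(SAMPLE)
    out = Path(tempfile.gettempdir()) / "example-blacklist.txt"  # hypothetical file name
    write_blacklist(cleaned, out)
    print(f"wrote {len(cleaned)} entries to {out}")
    print("PASSWORD1 rejected:", is_blacklisted("PASSWORD1", cleaned))
```

An entry left in mixed case in the file would never match, since only the lowercased form of a user's password is looked up.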
